Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 5 subscribers
  • Views 16613 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

website is added to exception but still it is UTM is blocking something when ever we try to login.

ezra calubsing

We are experiencing a issue whenever we access a bank portal in internet.

we are able to load the page and enter our username and password, after providing the credentials it keeps loading the page until it reach the the timeout expiration.

we already added the website in web filtering exception, still giving the issue. For testing purpose we connected to 4G router that is not connected to our UTM, it works fine we can access the bank portal and can create transaction.

 

Need help, Thank you.



This thread was automatically locked due to age.
Parents
  • 0

    Have you checked in Webfilter Logs if there is an forward to any other website not covered by your exception?

    It's possible, that the bank reroutes webrequests to another server / url. Also its possible that another security mechanism blocks access to the underlying portal.

    Had similar issues with serveral automotiv-company-portals.

    You need to add all the domains popping up in webfilter logs to your exceptions and / or skip one or the other security mechanism.

  • 0 in reply to ThorstenSeiler

    Hi, i checked my webfilter logs.

    no other url poped up, just the bank domain portal.

     

    for security mechanism, i disable the user's firewall and antivirus.

    and for the UTM im only using web filtering and application control.

    But what i found is this, from Chrome Developer Tools>Console
    a warning showed:

    jquery-1.8.3.js?v=20161030145822:2
    Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.

    im not sure if this is related to security.

     

    Thanks,

  • 0 in reply to ezra calubsing

    What happens with i.e. Internet Explorer? Same Issue?

     

    Can you please post a snip of the webfilter log starting from loading the portal till after the login?

    With the Chrome Message you posted I would guess that the site tries to load a script or something from a different location that is beeing blocked...

  • 0 in reply to ThorstenSeiler

    Hi,

     

    For IE this is the ouput, img1 img2

    and for its filter

    2016:11:20-10:00:10 fayfirewall httpproxy[28139]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.10.11.7" dstip="x.19.90.21" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterAfcc5 (Finance Acess)" filteraction="REF_HttCffProcuAcces (Procurement Access)" size="220410" request="0xe0537600" url="https://www.bank.com/" referer="" error="Connection timed out" authtime="0" dnstime="45021" cattime="0" avscantime="0" fullreqtime="971670202" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"

    2016:11:20-10:00:14 fayfirewall httpproxy[28139]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.10.11.7" dstip="x.19.90.21" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterAfcc5 (Finance Acess)" filteraction="REF_HttCffProcuAcces (Procurement Access)" size="697709" request="0xa6f5e00" url="https://www.bank.com/" referer="" error="Connection timed out" authtime="0" dnstime="4" cattime="0" avscantime="0" fullreqtime="1035805048" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"

    2016:11:20-10:00:19 fayfirewall httpproxy[28139]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.10.11.7" dstip="x.19.90.21" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterAfcc5 (Finance Acess)" filteraction="REF_HttCffProcuAcces (Procurement Access)" size="122005" request="0x9ff7800" url="https://www.bank.com/" referer="" error="Connection timed out" authtime="0" dnstime="44994" cattime="0" avscantime="0" fullreqtime="979862016" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"

     

    Thank you.

  • 0 in reply to ezra calubsing

    Hi Ezra,

    Please show us a picture of the Web Filter exception policy. What is the mode of Web Protection configured on UTM?

    Sometimes, status code="500" means that if an Exception for AV doesn't work, you will need to skip the Proxy for that IP. 

    Also, Restart httpproxy by taking SSH to UTM and login as root, execute: /var/mdw/scripts/httpproxy restart. 

    Thanks

Reply
  • 0 in reply to ezra calubsing

    Hi Ezra,

    Please show us a picture of the Web Filter exception policy. What is the mode of Web Protection configured on UTM?

    Sometimes, status code="500" means that if an Exception for AV doesn't work, you will need to skip the Proxy for that IP. 

    Also, Restart httpproxy by taking SSH to UTM and login as root, execute: /var/mdw/scripts/httpproxy restart. 

    Thanks

Children